I'd really like to see a working setup as you've just described. One which doesn't take hours of fiddling to make two DHCP servers (WAN and LAN) co-exist on the same dumb switch.

Meanwhile, I'll go back to using two NICs.

Two DHCP servers are not coexisting on the switch. The switch must have a hard IP address. A local IP address, mind you. The external IP address provided by your ISP is not assigned to the switch, it is assigned to the router. The router is the gateway device on your network, not the switch. It doesn't matter that the WAN is connected to the switch and not the router directly, because the switch is just a bridge. It just passes the packets along, it doesn't make any decisions about where they should go. All decisions are made by the router using static routing tables.

jessekopelman: Can you please post links to some of the switches which can do what you are saying you can do.

Well, let me make one correction to what I said in one of the posts: You aren't going to be able to assign IP addresses based on switch port. I got too caught up in what I was trying to describe and didn't pay enough attention to what I was actually writing. Other than doing that, I was just talking about using a switch as an Ethernet bridge, and any switch can do that.

I don't see how I can do this using a single-port Ethernet on a Linux computer and a consumer network switch...

I don't see the problem. The switch is just a bridge, it just passes stuff along. The ISP network is connected to the switch, but all packets are just passed to your router. The router requests an IP from the ISP's DHCP server and it is passed through the switch back to the router. A device on your LAN requests 10.10.10.0/24 and it is passed through the switch to your router. Same with a request for 192.168.10.0/24. Now you may not be able to isolate your networks by Ethernet port, since you won't actually know what switch port a device is connected to, but you will be able to use MAC addresses to control what IP address a device is assigned and you will be able to control what networks a given IP address can communicate with via routing.

ghatothkach wrote:

Next I will have to configure shorewall (www.shorewall.net). If you read through some of the documentation, I need to configure 3 interfaces with the software and set up the configuration. I am unable to understand how I will see the 3 or 4 interfaces on the consumer switch visible on the Linux computer... which has only one interface...

Well, I am talking about routing by IP address, not physical interface. If you absolutely have to do control by physical interface, then my solution will not work. That said, the routing solution I propose seems to be fully supported by Shorewall -- look at this. I believe the same can be said for pretty much every popular firewall package.

Thanks for the link... I will look into it.. the price is right and so is the CPU speed, not yet sure if I can install a HDD on to the board... but I guess it will work through the USB... Also I will have to host my www server elsewhere, as this is a perfect router board but may not be powerful enough for a webserver, but definitely better than the NSLU2

Ghat

You can get mini-PCI IDE or SATA cards. I have a need for PCI slots, so can't use it unfortunately.

The switch is just a bridge, it just passes stuff along. The ISP network is connected to the switch, but all packets are just passed to your router.

Yes, it passes the DHCP requests from your clients along to the modem. This is... not wanted behaviour.

You are correct. I wasn't thinking this through properly. Single port router really only works for all-static IP configuration. DHCP is probably too useful to live without, so that consigns my idea to niche implementations. Oh well . . . I guess if you want to build your own router you just got to pony up for a board with two Ethernet ports. Thanks for setting me straight.

Can you run Windows firewall alongside McAfee firewall, or is it detrimental to the operation of the system? I have the Windows XP firewall running alongside my McAfee firewall and associated products. By running 2 firewalls alongside each other, is it to the detriment of the system?

Last edited by pacella on Fri Nov 20, 2009 11:36 pm, edited 1 time in total.

@jessekopelman/Monkeh16
Managed switches, especially 100mbit, are very easy to come by. I'm in the business so I get some (HP 2424M) from contacts I know, but some I pick up as the local college/businesses upgrade their network and hand off the old switches to surplus outlets (HP 4000M + modules, BayStack 350T, and a couple Cisco 10mbit). Sure, they don't have anywhere near the protocol support that a modern, more expensive switch has (even my Powerconnect 5324 puts it to shame), but they usually have the things you need to run a decent home network (link aggregation, spanning tree, and of course, VLAN support).

@zprst
I am surprised you don't like the Via. I don't have that particular model, but I own two EPIA boards (one is a C3, the other is a C7) and they have worked almost flawlessly. There was an issue with VLAN tagging on the C7 machine being sent in the wrong endian (VT6122 controller), but a quick PR to the FreeBSD team got that fixed right away. It runs with 9K jumbo frames, hardware VLAN tagging, polling, etc., with no issues. The SN10000EG does use a different controller (VT6130), and I don't run Linux, so I can't comment on that particular situation, but these boards have been amazing for me, particularly for their hardware crypto.

@jessekopelman/Monkeh16
Managed switches, especially 100mbit, are very easy to come by. I'm in the business so I get some (HP 2424M) from contacts I know, but some I pick up as the local college/businesses upgrade their network and hand off the old switches to surplus outlets (HP 4000M + modules, BayStack 350T, and a couple Cisco 10mbit). Sure, they don't have anywhere near the protocol support that a modern, more expensive switch has (even my Powerconnect 5324 puts it to shame), but they usually have the things you need to run a decent home network (link aggregation, spanning tree, and of course, VLAN support).

100Mbit, yes. Gigabit is much harder (to the tune of several hundred pounds). And if you want to mix MTUs in a simple manner, you can tack another 50% on that for a layer-3 switch.
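The two points argued above (an unmanaged switch is one flood domain, so a LAN client's DHCP DISCOVER reaches the modem; a managed switch's VLANs keep the WAN and LAN broadcast domains apart while the router's single NIC rides a tagged trunk) can be shown with a small flood-and-learn switch model. This is an added illustration, not code from any poster; the port numbers, MAC addresses and the "trunk carries tagged frames for a set of VLANs" modelling are constructed assumptions.

```python
"""Learning-switch model: why a single-NIC router on an unmanaged switch leaks
LAN DHCP broadcasts to the ISP side, and how VLANs on a managed switch fix it."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample MAC addresses (not from the thread).
MODEM_MAC = "00:00:00:00:00:01"
ROUTER_MAC = "00:00:00:00:00:02"
CLIENT_MAC = "00:00:00:00:00:03"


@dataclass
class Frame:
    src: str
    dst: str
    descr: str
    vlan: Optional[int] = None  # 802.1Q tag; only meaningful on a trunk port


class Switch:
    """Flood-and-learn switch. Access ports carry one untagged VLAN; trunk
    ports carry tagged frames for a set of VLANs. An unmanaged switch is the
    special case where every port is an access port in the same VLAN."""

    def __init__(self, access: Dict[int, int],
                 trunk: Optional[Dict[int, Set[int]]] = None):
        self.access = dict(access)
        self.trunk = dict(trunk or {})
        self.mac_table: Dict[tuple, int] = {}  # (vlan, mac) -> port

    def _ingress_vlan(self, port: int, frame: Frame) -> int:
        if port in self.trunk:
            if frame.vlan not in self.trunk[port]:
                raise ValueError(f"VLAN {frame.vlan} not allowed on trunk port {port}")
            return frame.vlan
        return self.access[port]

    def _ports_in_vlan(self, vlan: int) -> List[int]:
        ports = [p for p, v in self.access.items() if v == vlan]
        ports += [p for p, vs in self.trunk.items() if vlan in vs]
        return sorted(ports)

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        """Return the egress ports for a frame; it never leaves its VLAN."""
        vlan = self._ingress_vlan(in_port, frame)
        self.mac_table[(vlan, frame.src)] = in_port  # learn the source MAC
        known = self.mac_table.get((vlan, frame.dst))
        if frame.dst != BROADCAST and known is not None:
            return [] if known == in_port else [known]
        # Broadcast or unknown unicast: flood to every other port in the VLAN.
        return [p for p in self._ports_in_vlan(vlan) if p != in_port]


# Port layout for both scenarios: 1 = ISP modem, 2 = router's single NIC, 3 = LAN client.
def dumb_switch_dhcp_discover() -> List[int]:
    """Unmanaged switch: one broadcast domain, so the client's DHCP DISCOVER
    also reaches the modem on port 1, where the ISP's DHCP server can answer it."""
    sw = Switch(access={1: 1, 2: 1, 3: 1})
    discover = Frame(CLIENT_MAC, BROADCAST, "DHCP DISCOVER")
    return sw.forward(3, discover)


def vlan_switch_dhcp_exchange() -> Dict[str, List[int]]:
    """Managed switch: WAN on VLAN 10, LAN on VLAN 20, router NIC on a trunk.
    The DISCOVER stays in VLAN 20; the router's OFFER, sent tagged 20 and
    addressed to the client's MAC, goes only to the learned client port;
    WAN-side broadcasts never reach the LAN port."""
    sw = Switch(access={1: 10, 3: 20}, trunk={2: {10, 20}})
    discover_out = sw.forward(3, Frame(CLIENT_MAC, BROADCAST, "DHCP DISCOVER"))
    offer_out = sw.forward(2, Frame(ROUTER_MAC, CLIENT_MAC, "DHCP OFFER", vlan=20))
    wan_out = sw.forward(1, Frame(MODEM_MAC, BROADCAST, "ISP-side broadcast"))
    return {"discover": discover_out, "offer": offer_out, "wan_broadcast": wan_out}


if __name__ == "__main__":
    print("dumb switch, DISCOVER from port 3 floods to:", dumb_switch_dhcp_discover())
    print("VLAN switch:", vlan_switch_dhcp_exchange())
```

On the unmanaged switch the DISCOVER floods to ports 1 and 2, which is exactly the "passes the DHCP requests from your clients along to the modem" problem; with VLANs it reaches only the router's trunk port, and the router sees WAN and LAN as two tagged sub-interfaces on one physical NIC.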
